GDPR & Data Protection Statement

Data Protection & Access to Information

Our business will comply with all statutory requirements of the Data Protection Act by registering all personal data held on its computer and/or related electronic equipment and by taking all reasonable steps to ensure the accuracy and confidentiality of such information.

The Data Protection Act protects individuals’ rights concerning information about them held on computer.  Anyone processing personal data must comply with the eight principles of good practice.  Data must be:

  • fairly and lawfully processed.
  • processed for limited purposes.
  • adequate, relevant and not excessive.
  • accurate and not kept longer than necessary.
  • processed in accordance with the data subject’s rights.
  • not transferred to countries without adequate protection.

This policy is operational from 25 May 2018. The purpose of this policy is to enable us to:

  • Comply with our legal, regulatory and corporate governance obligations and good practice.
  • Gather information as part of investigations by regulatory bodies or in connection with legal proceedings or requests.
  • Ensure business policies are adhered to (such as policies covering email and internet use).
  • Fulfill operational reasons, such as recording transactions, training and quality control, ensuring the confidentiality of commercially sensitive information and security vetting.
  • Investigate complaints.
  • Check references, ensuring safe working practices, monitoring and managing staff access to systems and facilities and staff absences, administration and assessments.
  • Monitor staff conduct, disciplinary matters.
  • Market our business.
  • Improve services.


This policy applies to information relating to identifiable individuals e.g. staff, applicants, former staff, clients, suppliers and other third party contacts.

We will:

  • Comply with both the law and good practice.
  • Respect individuals’ rights.
  • Be open and honest with individuals whose data is held.
  • Provide training and support for staff who handle personal data, so that they can act confidently and consistently.

We recognise that our first priority under the GDPR is to avoid causing harm to individuals.  In the main this means:

  • Complying with your rights.
  • Keeping you informed about the data we hold, why we hold it and what we are doing with it.
  • Keeping information securely in the right hands, and;
  • Holding good quality information.

Secondly, GDPR aims to ensure that the legitimate concerns of individuals about the ways in which their data may be used are taken into account.  In addition to being open and transparent, we will seek to give individuals as much choice as is possible and reasonable over what data is held and how it is used.  This includes the right to erasure where data is no longer necessary and the right to rectification where the data is incorrect.  Full details are available in the Privacy Notice issued at the point of gathering the data.

We have identified the following potential key risks, which this policy is designed to address:

  • Breach of confidentiality (information being given out inappropriately).
  • Insufficient clarity about the range of uses to which data will be put — leading to Data Subjects being insufficiently informed.
  • Failure to offer choice about data use when appropriate.
  • Breach of security by allowing unauthorised access.
  • Failure to establish efficient systems of managing changes, leading to personal data being not up to date.
  • Harm to individuals if personal data is not up to date.
  • Insufficient clarity about the way personal data is being used.
  • Failure to offer choices about use of contact details for staff, clients workers or employees.

In order to address these concerns, to accompany this policy, we have an accompanying Information Security Policy and we will issue Privacy Notices to explain what data we have, why we have it and what we will do with it.  The Privacy Notice will also explain the data subjects rights.  We will offer training to staff where this is necessary and appropriate in the circumstances to ensure compliance with GDPR.  Such training will vary according to the role, responsibilities and seniority of those being trained.

We aim to keep data only for so long as is necessary which will vary from according to the circumstances. 

We have no intention to transfer data internationally.

Significant breaches of this policy will be handled under the Company’s disciplinary procedures which may amount to gross misconduct.

About Our Cookie Policy

In this section you will find information on what cookies may be set when you visit the Simons Design website and how to reject or delete those cookies.

How to control and delete cookies

Simons Design will not use cookies to collect personally identifiable information about you. However, if you wish to restrict or block the cookies which are set by our website, or indeed any other website, you can do this through your browser settings. The Help function within your browser should tell you how.

Alternatively, you may wish to visit which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your computer as well as more general information about cookies. For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual.

Please be aware that restricting cookies may impact on the functionality of the Simons Design website.

Third Party Cookies

Simons Design also use a number of suppliers who also set cookies on our website on its behalf in order to deliver the services that they are providing. If you would like more information about the cookies used by these suppliers, as well as information on how to opt-out, please see their individual privacy policies listed below.

Google Analytics

Simons Design website uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics sets a cookie in order to evaluate your use of the website and compile reports for us on activity.

Google stores the information collected by the cookie on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using our website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Cookie Names & Descriptions

This website uses cookies in conjunction with Google Analytics. For a list of cookies and their descriptions visit this link; Google Analytics Cookie Usage on Websites

Cookie Name

Cookie Description



Used for tracking your acceptance for using cookies

30 days

How to block or delete cookies, please visit;